Posted by CmdrTaco on Wednesday January 26, 2011 @09:16AM
from the because-you-can dept.

dinscott writes "An unknown hacker broke into the 26-year-old internet celebrity's Facebook account and posted a bizarre message calling upon the firm to adopt a social cause. More than 1800 people 'liked' the update before Facebook took down their CEO's page. Facebook has made no public statement about how the hack occurred, possibly to save their CEO from embarrassment."

I'm waiting for the "What do you think of the redesign?" poll. There are multiple scenarios in which /. simply became unusable.
Oh, and by all means mod me down too. If nobody criticizes, nothing will change.

Rather than vague complaints in comments of unrelated articles, have you tried providing feedback to Slashdot? I see a lot of people complaining and thinking that because something is broken for them it is broken for everyone. I fail to see how your criticism would lead to change as you cite nothing specific. BTW this isn't just directed at you, but as soon as I saw the redesign my first thought was great, now all of the comments will be complaints about the redesign (before I formed my own opinion I dre

(2) This new interface sucks. First my classic, text-only settings have disappeared which slows down loading a LOT. Second the Menus and "reply" buttons do not appear on Mozilla Seamonkey or Opera. I have to set the "mask as internet explorer" flag to trick slashdot into believing Mozilla/Opera are IE. Bogus.

http://slashdot.org/users.pl?op=editcomm [slashdot.org] should help a little. You only get this link if javascript is turned off (and turning javascript off doesn't seem to help the D2 CPU hogging, BTW).

Think of it as burning karma for great justice. I'm sick of complaint departments that collect complaints and dump them and support e-mail addresses that don't support anything and free speech zones that aren't and generally of all the bullshit of manufacturing consent. I intend to be obnoxious in return.

There's no indication that they accept bug reports, even. I sent three reports so far, didn't get as much as an auto-response. Also, you'd kinda expect them to set up a bug tracker if they really cared - given that most of their audience cares and knows enough to actually use it if it's there.

The announcement I linked to said "Please direct your bug reports and feedback (good and bad!) to Garrett Woodworth who is currently in charge of such things.". I think it's a pretty good indication, but that's just me.

I haven't received a response, either, although one of the issues I reported has been partially fixed.

Or they could just get off their lazy asses and actually fix bugs rather than just throwing more and more Web 2.0 junk on the site. Major, and hugely obvious, bugs like that should have never been pushed into production.

On topic: He can be phished or bypassed just like 99% of the networked populations...
Off topic/with parent: I can't see any stories on the front page. I got here from my igoogle gadget because that's the only place I can read the headlines. IE8 (at the office so no way of changing) if that helps.

Even the threshold slider is broken. The editing AND programming done by this site appears to be done by those with no more than a two-year community college degree. How STUPID can you people be to release something that is broken for most of the users? How is this supposed to be better? Please, enlighten me. Is it better because it looks new? Because you decided to surprise everyone? Come on. Enlighten me.
--TSP

That's funny, the slider works fine for me. AND the site is a LOT faster than the previous nightmare (and more streamlined).

All they need to do is create "citizen council groups" organized by zip code or something, put everyone inside one, set some default topics such as health and education or public representative responsiveness, and they're done.

The company I work at offers software as a service, we provide an email marketing add on... think company wide letterhead for your email messages from individual users in a company to individual users elsewhere, not bulk/spam mail.

Of course we use the service ourselves, duh, and as a developer worried about this exact sort of problem I can tell you that... no one can change high profile users within our organization without direct access to the database server hosts themselves. Their information is more

Is it a dirty hack? Yes, but it'll save face in most cases... not all of course.

If an application server is compromised, or a hole is found in the application, it is possible that the attacker will change the code or produce an SQL injection that will change database server contents, without having direct access to the database server.

If you were really paranoid.... instead of "hard coding"; you would have a special corporate procedure for changing important pages, such as PGP signing of the

Pretty much. Like your signature, and it's sadly accurate: "My Dialup plan provides more data (13GB) than Verizon Wireless (5GB)." Or VirginMobile or Cricket or Sprint, also with 5GB caps. - A modern cellphone internet should not be providing LESS data than the old 56k plans.

What does this have to do with privacy? Are you suggesting that if someone is able to successfully login into your Facebook page, including you, they should be unable to see any personal information? Might as well close down the site.

and built up a few different anonymous networks of relationships incognito in Europe and Asia,

and came back, and realized "Shit. This network of Friends is totally useless for adding my new friends and lovers."

Then he would finally fix Facebook and make it appropriate for me to use. Until then, like all serious billionaires, celebrities, politicians, and just Renaissance men -- I'm holding out. Good luck, Mark.

it's even worse for people like me who were vegan activists but also were in the military. Come on.

"Don't ask Don't Tell?"

Then there's the ex-girlfriends issue, the MCSE studygroup vs Linux club issue, the "friend both my parole officer and my dealer" issue.

Also I strongly dislike the binary "friend" / "notfriend" situation. Can't they at least make it a small range of integers? I was meaning to delete my account for awhile, the thing that made me do it was this burnout dude from over two decades ago whom I hung out with in study hall a couple times wanted to friend me, and I'm thinking, so this dude a

You can create friend lists and have people on that list get a very restricted view. What I do is create an extremely restrictive list. Then if someone with a name I don't recognize (some random nick) and a profile photo I don't recognize (say some cartoon character) tries to add me as friend, and based on mutual friends it seems like I might know him, I can put him on the restrictive list first. Once I do that, since I am now his "friend" (and assuming he doesn't have "friends" default to restricted access)

And you just added him to your Facebook "web of trust", so now everyone you know will also add him as a friend. A ton of people I went to highschool with friended a fake person on Facebook, and when I asked them about it, they said they did it because others apparently knew "her". It's just like pgp/gnupg's web of trust, except people don't check at all. There are several people who never defriended "her" after I pointed out this person was lying every step of the way.

Can't they at least make it a small range of integers? I was meaning to delete my account for awhile, the thing that made me do it was this burnout dude from over two decades ago whom I hung out with in study hall a couple times wanted to friend me, and I'm thinking, so this dude and my wife are supposedly on the same level, according to facebook's way of thinking?

This is troubling you because you are letting Facebook influence the way that you're thinking. It is not some official list for keeping track of what your relationships are with the people that you know. I'd actually find such a thing abhorrent. What it does let you do is let you communicate selectively with a pre-defined (by you!) group of people. Is there really much you'd want to communicate privately to your wife that you wouldn't say or do in-person anyway?

Can't they at least make it a small range of integers? I was meaning to delete my account for awhile, the thing that made me do it was this burnout dude from over two decades ago whom I hung out with in study hall a couple times wanted to friend me, and I'm thinking, so this dude and my wife are supposedly on the same level, according to facebook's way of thinking?

This is troubling you because you are letting Facebook influence the way that you're thinking. It is not some official list for keeping track of what your relationships are with the people that you know. I'd actually find such a thing abhorrent. What it does let you do is let you communicate selectively with a pre-defined (by you!) group of people. Is there really much you'd want to communicate privately to your wife that you wouldn't say or do in-person anyway?

Also, he didn't have to accept the burnout dude's friend request. Like you said, "pre-defined (by you!)". Nobody can force you to FB friend them.

You can use filters, groups, and security settings to manage the different types of friends (like livejournal), but the fine-graining is a total pain to enact retroactively if you've got more than a dozen or so friends.

I was meaning to delete my account for awhile, the thing that made me do it was this burnout dude from over two decades ago whom I hung out with in study hall a couple times wanted to friend me, and I'm thinking, so this dude and my wife are supposedly on the same level, according to facebook's way of thinking?

They're not on the same level. Your wife gets to be in your friends list and your relationship status!

P.S. I use "whom" in every post to offend certain people. If this does not apply to you, please disregard the whom and this postscript.

People I don't want to be friends with want to friend me which leaves the terrible choice of accepting them, causing other people to wonder why exactly it is that you are friends with this person, or ignore them and give them the satisfaction of knowing you still dislike them.

Even funnier is when they start comparing whom you accept and reject... So the guy I sat next to in "diversity training" for four freaking hours is now annoyed at me for not accepting his friend, when he knows I friended his coworker who sent me exactly one work related email but I liked his sig line so he made the cut.

Even funnier when it spills over into work... I was not involved, but I heard of some pretty serious problems where some people would only friend coworkers or reject coworkers of certain rac

I don't think that's an accurate account of what happened. It was his Fan Page [washingtonpost.com], not his personal page. That may or may not have been updated by him -- most likely it was some staff or fan of Zuckerberg.

I fought the trend.. I didn't have a fb account until 2007. It eventually roped me in. Now I'm susceptible to the whims of that wealthy bahstahd. He hasn't bought out slashdot yet has he? (since I'm calling him a bahstahd)

Yes, that's the proper course of action to take when something goes wrong: immediately affix blame and fire the person who made a mistake. Let's not take the time to learn from our mistakes and ensure we don't repeat them, just get rid of anyone who is at all imperfect.

This is why you are (probably) not in management and never will be. If you are in management, this is why your employees hate you.

Yes, that's the proper course of action to take when something goes wrong: immediately affix blame and fire the person who made a mistake. Let's not take the time to learn from our mistakes and ensure we don't repeat them, just get rid of anyone who is at all imperfect.

This is why you are (probably) not in management and never will be. If you are in management, this is why your employees hate you.

Meanwhile, here in reality... How likely you are to get fired is directly proportional to how public your mistake is or was.

For example, if you make a public mistake on a website everyone's heard of odds are your head will be on the chopping block because investors need to see problems are dealt with swiftly and efficiently. If you just spill coffee on your company-issued laptop you're probably just going to get reprimanded and not allowed to have another one but you keep your job because you only made you

Depends on the company. At a company I was doing contract work for, one of their engineers made a dumb mistake, by not paying enough attention to detail, (only a modest amount was needed anyway), and it ended up costing the company $500K. He wasn't fired, but his department and others had to come up with ways to keep it from happening again.

Knowing that the chances of you getting fired are pretty low for making even a stupid mistake helps people to acknowledge and own up to the mistakes faster and with

That was the joke. You know, that it isn't the proper course of action.

But hey, wrongly assume you know what someone is talking about then start talking down to them and tell them they'll never be a success? Yep! Can definitely tell you're in management. Keep up the good work, somebody has to prove the stereotypes!

I haven't seen any evidence that having a fire-someone-immediately mentality keeps anyone out of management. Except of course the people who are on the receiving end of it. I've seen it (including up close and personal) more times than I want to think about.

You must be new in Slashdot. Being sarcastic is part of the culture here. You are right somewhat, I don't manage people, I manage servers... Thousands of them. People whine bitch and moan... Computers don't, most of them anyways...

Don't mistake observation for advocacy. You are perfectly correct that firing someone usually isn't a decent or useful response to this sort of thing. He is perfectly correct that all too often management scapegoats someone so they can sweep the problem under the rug or at least deflect attention from their own shortcomings (that actually lead to the problem) because they know that THEIR manager will take the same approach.

One of my associates manages the Facebook page of a local baseball team. A while back, they started getting iPhone spam posted to their team's Facebook page. No one could tell why. He was changing passwords, taking away peoples' access, running offline virus scans on their hard drives... Losing his mind with it. Each time one of these messages got posted, they'd lose 1,000 fans due to the spam. That's a big deal for companies that use Facebook.
Turns out, the issue was due to the "mobile updates" feature. According to him, there's a random email address that you send updates to, and that gets posted to your page. This is not something you can disable, you can only request that the address be changed. The result is that you can basically spam a whole ton of random email addresses in this format and get your message posted to a load of random Facebook pages. Facebook has not been helpful in stopping this or disabling this feature for their account.
Since then, I have seen this happen to my girlfriend's Facebook page as well as her friends', etc. This vulnerability is a widespread problem. It may not be what happened in TFA (I did not read it), but it's out there. And it's insane.

This is incredibly well thought out. I forgot that since this was a free service, you're not permitted to have any concerns about the integrity of information stored on it. Man I'm an ass.
Would love to hear how your tune changes when someone starts sending penis enlargement emails to your grandmother directly from your GMail account.

Why would Facebook host something called Hackercup 2011 and NOT expect something like this to happen during it? It would be like me going to Def Con with a Windows XP machine, use their open wireless network, and get pissed and think it is weird that my computer got hacked. Seriously. Also, I checked the "Hackercup 2011" stuff they are doing, and it should be called just another programming competition. You put the word hacker in there, and something is getting hacked, for real. Maybe ol' zucky-poo should have thought that one out better. They should let the unknown hacker win the Hacker cup since he did a hack cool enough to not just make headlines, but some people that posted the headline to their status got it removed by FB. I would say that the person won regardless of what the event was (the hacker clearly marked at the end that this had to do with the Hackercup)

I take it that they're referring to "hacker" as in Y Combinator's "Hacker News", as in "programmer in general", rather than the more classic meanings of "one who accesses systems without authorisation by means of exploiting vulnerable code, etc" or "skilled programmer with tendencies to the questionably legal".

It's clear that none of Facebook's code was compromised, otherwise other high-profile pages would be being defaced. What's more likely here is that, through some human flaw of easy security questions or simple passwords (I can't see the Zuck or his immediate staff using unsecured wifi), the account was compromised. Ergo, not a hack.
That pedantry aside, I'm very much pleased to see Facebook knocked down a peg or two, especially in the area of security.

It's all good, as long as the message was positive, and made sense in the long run, should be ok, although it should also go to show that it's too easy to hack a facebook account and hack their info... I wonder if the perp knows Zuck's private schedule now... unless Zuck himself knows not to post all his comings and goings on facebook.